# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific users twts.
# offset Start index for quey.
# limit Count of items to return (going back in time).
#
# twt range = 1 16
# self = https://watcher.sour.is/conv/phdhdyq
To clarify, I was thinking before (and even discussed in TextoPlano but it had no traction) on a public channel where you store messages that anyone can read, but only a person with the private key can decrypt.
I think the concept is cool, even if I've read the security advice from Signal, Session and other IM services, about things I was forgetting on security and strong encryption. Here: https://eprint.iacr.org/2016/1013.pdf
With that said, I don't see how twtxt could be a good place for that kind of encrypted messages. Am I missing something?
@eaplmx I think you are not understanding what’s being proposed—I don’t claim I fully do either, but I didn’t comment on @prologic’s twt because of that same reason—or didn’t understand the RFC @prologic linked. From the decrypt portion:
> Client sees a Twt that starts wiht BEGIN SALTPACK ENCRYPTED MESSAGE and attempts to decrypt it with its Private Key
If successful, it is displays.
If unsuccessful the client ignores this Twt and does not display it
It seems encryption will be invisible to the end user. Again, I don’t claim to know much about what’s being proposed, I will let those who do discuss it. 😂
@david You are correct. Think of this as a "filter" -- But as I said in another Yarn, I can choose to use a separate feed for encrypted Twts.
@david You are correct. Think of this as a "filter" -- But as I said in another Yarn, I can choose to use a separate feed for encrypted Twts.
@david I don't want to discourage any idea, indeed I think it's a good one. I've read the whole RFC 770, so I think I understand the result, but not the why. My concern comes from the overhead of having to:
- Manage a lot of keys (with the problems it creates of string private keys)
- Decrypt every message once it arrives
- Not having a way for the non-compatible browsers to hide this content.
@prologic
"Same argument can be applied to Encrypted Email using GPG", IMO a more accurate one would be encrypting IRC (although you can send messages in a group/channel or in private). Email is a thing with senders and receivers. Everything on twtxt is public by default, so adding a layer of private content on top of something public first, is weird in my mind... Having a different feed sounds good, like the 'semi-public' channel idea I told in my first message.
It seems I'm missing the conversation on IRC in #Yarn.social. I'm looking forward to seeing the result of the RFC. I can't add anything else for now😄
@eaplmx All good points especially on the "separate feed" 👌
@eaplmx All good points especially on the "separate feed" 👌
@prologic @eaplmx I also like the idea about a separate feed for encrypted messages using the post-as feature maybe, so it's easier for other clients to no see the noise of salty jibberish
Could we turn twtxt on it head, so these encrypted feeds are something that all participant are writing to, more like a IRC channel: 2021-01-31T09:59:00Z <darch> message ?
@darch No, how would that work in a decentralized way? 🤔
@darch No, how would that work in a decentralized way? 🤔
@prologic by everyone having write access to the feed using some API maybe.
@darch You wold be changing the "model' too much from a "pull" to "push". The key concept that makes Yarn/Twtxt decentralised is one's ability to self-host your feed, use a piece of software that understands the format and extensions, and interact with the network.
@darch You wold be changing the "model' too much from a "pull" to "push". The key concept that makes Yarn/Twtxt decentralised is one's ability to self-host your feed, use a piece of software that understands the format and extensions, and interact with the network.